<? session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body><style type="text/css">
<!--
@import url("../menu.css");
-->
</style>
<div align="center"><br>
  <br>
  <?

$username = $_POST[username];
$password = $_POST[password];
if($username!="" && $password!=""){
include("../db_connect.php"); 
connect();
$sql="SET CHARACTER SET UTF8";   
query($sql); 

	$sql = "select * from tb_admin WHERE username='$username'  and password='$password'";
	$qr = select($sql);
	$total = count($qr);	
	if($total <= 0){
	echo "<input  type=\"hidden\" name=\"username\" value=\"$username\">" ;
echo "<div align=\"center\">";
print "<script type='text/javascript'>
alert('ท่านใส่ username หรือ password ไม่ถูกต้อง');
location.replace('index.php');
</script>";
		exit;

	}else{
		
		$_SESSION[sess_userid_admin]=session_id();
		$_SESSION[sess_uid_admin]=$username ; 
		$_SESSION[sess_pwd_admin]=$password ; 
		$_SESSION[sess_pv]=$qr[0]['level'];
	print "<meta http-equiv=refresh content=0;URL=admin.php>";
			exit;
		}
}
else{

			print "<script type='text/javascript'>
alert('ท่านไม่ได้ใส่ username และ password');
location.replace('index.php');
</script>";
			exit;
}
			
			

	
?>
</div>
<div align="center"><br>
  <br>
</div>							
</body>
</html>		